Data Bookmark Distribution

ABSTRACT

Computer systems and methods are provided for distributing a data bookmark. An interface of a first device receives a scope definition. The scope definition includes information that defines a scope of access to data that corresponds to data stored by one or more databases and identifying information that identifies at least one column, table, or dimension of the one or more databases. A pointer is generated for the data bookmark. The data bookmark is generated using the pointer and the scope definition. The generated data bookmark, including the pointer for the data bookmark and the scope definition that includes the identifying information that identifies the at least one column, table, or dimension of the one or more databases within the scope of access, is stored. The pointer for the data bookmark is transmitted to a second device that is distinct from the first device.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of and claims priority to U.S.patent application Ser. No. 15/346,591, filed Nov. 8, 2016, the entirecontents of which is incorporated herein for all purposes by thisreference.

TECHNICAL FIELD

The disclosed embodiments relate generally to a data analytics, and inparticular, to distribution of access information for secure storeddata.

BACKGROUND

Data security is a concern that drives the way businesses handle storageand distribution of information. Stored data may be protected by afirewall that provides access to particular data sources only via securenetwork connections. For example, a firewall may provide networksecurity for a business premises such that a database located on thebusiness premises is protected by the firewall.

While businesses must use security measures to protect data, it may alsobe desirable to provide limited access to users or applications thatwish to utilize the protected data from beyond the firewall. Forexample, a business may benefit from providing a data analyticsapplication with access to data from a protected database. Grantinglimited access to protected data would allow an off-site user, such asan employee or consultant, to provide data analytics services whilemaintaining data security.

SUMMARY

Without limiting the scope of the appended claims, after consideringthis disclosure, and particularly after considering the section entitled“Detailed Description,” one will understand how the aspects of variousembodiments are used to distribute data bookmarks.

There is a need for systems and methods for generating a data bookmarkthat includes information indicating a limited scope of access to one ormore databases that are secured in a private network, and transmitting alink to the data bookmark and/or a preview of information thatcorresponds to the limited scope of access to a remote device that isoutside of the private network. In this way, information about data thatcorresponds to the limited scope of access defined by a bookmark can bepresented in an application accessed by a device that is outside of thesecure private network, while sensitive data remains secure within theprivate network.

In some embodiments, a method for distributing a data bookmark includesreceiving, by an interface of a device that is secured in a privatenetwork, a scope definition. The scope definition includes informationthat defines a scope of access to data that corresponds to data storedby one or more databases that are secured in the private network. Themethod includes generating a pointer for the data bookmark. The methodfurther includes generating the data bookmark using the pointer and thescope definition. The method also includes storing, by the device thatis secured in the private network, the generated data bookmark. Themethod additionally includes transmitting information about the databookmark, including the pointer for the data bookmark, to at least oneremote device at a remote location that is outside of the privatenetwork.

In some embodiments, a system for distributing a data bookmark includesone or more processors, memory, and one or more programs. The one ormore programs are stored in the memory and configured to be executed bythe one or more processors. The one or more programs includeinstructions for carrying out the following actions. There is received,by an interface of a device that is secured in a private network, ascope definition. The scope definition includes information that definesa scope of access to data that corresponds to data stored by one or moredatabases that are secured in the private network. A pointer isgenerated for the data bookmark. The data bookmark is generated usingthe pointer and the scope definition. The device that is secured in theprivate network stores the generated data bookmark. Information aboutthe data bookmark, including the pointer for the data bookmark, istransmitted to at least one remote device at a remote location that isoutside of the private network.

In some embodiments, a computer readable storage medium stores one ormore programs. The one or more programs comprise instructions, whichwhen executed, cause a device that is secured in a private network tocarry out the following actions. There is received, by an interface of adevice, a scope definition. The scope definition includes informationthat defines a scope of access to data that corresponds to data storedby one or more databases that are secured in the private network. Apointer for the data bookmark is generated. The data bookmark isgenerated using the pointer and the scope definition. A device that issecured in the private network stores the generated data bookmark.Information about the data bookmark, including the pointer for the databookmark, is transmitted to at least one remote device at a remotelocation that is outside of the private network.

BRIEF DESCRIPTION OF THE DRAWINGS

So that the present disclosure can be understood in greater detail, amore particular description may be had by reference to the features ofvarious embodiments, some of which are illustrated in the appendeddrawings. The appended drawings, however, merely illustrate pertinentfeatures of the present disclosure and are therefore not to beconsidered limiting, for the description may admit to other effectivefeatures.

FIG. 1 is a system diagram of a data analytics system, in accordancewith some embodiments.

FIG. 2 is a system diagram of team server, in accordance with someembodiments.

FIG. 3 is an illustrative schema for data stored by a database, inaccordance with some embodiments.

FIG. 4 illustrates a graphical user interface of a data analyticsapplication, in accordance with some embodiments.

FIG. 5 is an illustrative data structure of a data bookmark, inaccordance with some embodiments.

FIGS. 6A-6C are flow diagrams illustrating a method for distributing adata bookmark, in accordance with some embodiments.

FIG. 7 is an example of a snippet 512 that corresponds to bookmark 500.

In accordance with common practice, some of the drawings may not depictall of the components of a given system, method or device. Finally, likereference numerals may be used to denote like features throughout thespecification and figures.

DETAILED DESCRIPTION

Numerous details are described herein in order to provide a thoroughunderstanding of the example embodiments illustrated in the accompanyingdrawings. However, some embodiments may be practiced without many of thespecific details, and the scope of the claims is only limited by thosefeatures and aspects specifically recited in the claims. Furthermore,well-known processes, components, and materials have not been describedin exhaustive detail so as not to unnecessarily obscure pertinentaspects of the embodiments described herein.

Data bookmarks as described herein allow users and applications within adata analytics system to receive links to bookmarks that define alimited scope of access to data stored in a database within a secureprivate network. The scope of access to data stored in the privatenetwork includes, e.g., the data stored in a database, data generatedbased on data stored in a database, and/or tools for organizing andanalyzing data stored in a database. The bookmarks are stored andmanaged at a device that is within the private network. In this way, theinformation that is shared beyond a secure private network is limited(e.g., to a bookmark link and/or a snippet preview of a scope of datadefined by a bookmark), while the bookmark definition and data beyondthe defined scope of the bookmark remain inaccessible to the user. Insome embodiments, the bookmark includes a security token for controllingaccess to the scope of data defined by the bookmark. In someembodiments, a bookmark is associated with a particular user or group ofusers, and user access parameters associated with the bookmark are usedto limit access to the scope of data defined by the bookmark.

FIG. 1 is a system diagram of a data analytics system 100, in accordancewith some embodiments. Data analytics system 100 includes a team server102 that is communicatively coupled to a database 104. Database 104represents, e.g., one or more databases, data sources, and/or filestores. Team server 102 and database 104 communicate via a dataconnection 106 that is secured by a firewall. In some embodiments, alldata communications between devices shown in a private network regionindicated by 108 are secured by a firewall. Private network region 108indicates, e.g., a business premises (such as an office, building, orcampus), a private cloud, or a virtual private cloud. In someembodiments, database 104 is stored by memory 202 (FIG. 2) of teamserver 102. In some embodiments, database 104 is stored in a datastorage device that is remote from team server 102 or across a pluralityof data storage devices that are remote from team server 102. In someembodiments, a meta-model that corresponds to a schema of database 104is stored by local meta-model 118.

Team server 102 executes a team server application program interface(API) 114. In some embodiments, team server API 114 handles requests toaccess data stored within private network 108, e.g., by performingauthentication of security tokens and/or applying user accessprivileges. In some embodiments, team server API 114 communicates with aremote API, such as central server API 130 to determine user accessprivileges (e.g., access to one or more bookmarks), as described furtherbelow. In some embodiments, team server 102 determines user accessprivileges in accordance with information stored by team server 102(e.g., when data access requests originate inside private network 108).

User computing device 110 is an example of a local device thatcommunicates with team server 102 (e.g., via team server API 114). Usercomputing device 116 is an example of a remote device that communicateswith team server 102 via team server API 114. User computing devices 110and 116 are, e.g., desktop or laptop computers and/or portable devicessuch as a phone or a tablet. In some embodiments, user computing device110 and/or user computing device 116 executes an analytics application112 that provides resources, such as tools for visualization,manipulation, analysis, and/or modeling, to aid a user in understandingdata received by the user computing device. For example, user computingdevice 110 executes a data analytics application 112 a and/or usercomputing device 116 executes a data analytics application 112 b. Insome embodiments, analytics application 112 includes a graphical userinterface to generate a data bookmark (e.g., as described below withregard to FIG. 4). In some embodiments, a bookmark stored by team server102 defines a scope of access to data from database 104 and analyticsapplication 112 uses information associated with the bookmark (e.g.,pointer information, as described below with regard to FIG. 5) to gainaccess to the defined scope of access to data from database 104.

When team server API 114 has determined that a user and/or applicationis authorized to access a data bookmark, (e.g., using secure tokeninformation and/or user authentication procedures), a user computingdevice (e.g., 110 and/or 116) is able to receive data from team server102 in accordance with the scope of data defined by the data bookmarkvia a one-way secure data connection 122.

In some embodiments, user computing device 116 communicates with teamserver API 114 of team server 102 via a virtual private cloud and/orvirtual private network connection 120.

In some embodiments, analytics application 112 is stored and distributedby and/or receives data from application server 124 located in the cloud(as indicated by region 126) via the Internet.

In some embodiments, data analytics system 100 includes a central server128 for user management across multiple teams. Central server 128communicates with user device 116 and team server 102 via the Internet(indicated by cloud region 126). Central server 128 performs usermanagement services such as user authorization and user subscriptionmanagement, e.g., in response to user management communications receivedvia central server API 130. In some embodiments, central server 128includes a user management application 132 for processing usermanagement communications. For example, user management application 132references user information storage 134, which includes, e.g., recordsof users registered with the system, team memberships of users, andinformation indicating access rights granted to users for bookmarksand/or projects (e.g., projects that include multiple bookmarks). Insome embodiments, central server 128 includes a shared meta-model 138 tostore metadata about databases across multiple team platforms. Forexample, shared meta-model 138 includes data models, data-objects, userprofiles, and user access rights for access to multiple databases acrossteam platforms. In some embodiments, user management application 132references shared meta-model 138 to determine user access privilegesassociated with data bookmarks and/or projects.

In some embodiments, central server 128 communicates with one or morethird party service(s) 140, e.g., for user authentication, tokengeneration, and/or billing. For example, third party service(s) 140include an identity management service (such as a social network, e-mailprovider and/or internet service provider) that stores user accessinformation. When central server 128 receives a request to authenticatea user, central server 128 communicates with the identity managementservice to determine whether the user is to be authenticated.

For example, in some embodiments, when a user sends a request to teamserver API 114 for access to data stored within private network 108,team server API 114 communicates with central server API 130 to requestauthentication of the user. Central server 128 determines authenticationinformation for the user (e.g., authenticates the user and/or determinesaccess privilege information for the user), and sends authenticationinformation to team server API 114. In accordance with the receivedauthentication information, team server 102 allows or denies access todata stored within private network 108.

FIG. 2 is a system diagram of team server 102, in accordance with someembodiments. Team server typically includes one or more processor(s)202, a memory 204, a power supply 206, a communication system 208, and acommunication bus 210 for interconnecting these components.

Processor(s) 202 execute modules, programs and/or instructions stored inmemory 204 and thereby perform processing operations.

In some embodiments, the memory 204 stores one or more programs (e.g.,sets of instructions) and/or data structures, collectively referred toas “modules” herein. In some embodiments, memory 204, or thenon-transitory computer readable storage medium of memory 204 stores thefollowing programs, modules, and data structures, or a subset orsuperset thereof:

-   -   operating system 212;    -   team server API 114, which determines access privileges in        accordance with user authentication information and/or security        token authentication information, as described further above        with regard to FIG. 1;    -   validated token cache 214, which stores information regarding        tokens successfully validated by team server API 114;    -   local database cache 216, which replicates at least a portion of        data stored by database 104, and which is synchronized with        database 104 (e.g., periodically, in response to user input,        and/or based on another event that occurs during execution of an        application, such as a database interface application executed        by team server 102);    -   metadata 218 that includes information about database 104, such        as:        -   a data model 220 (e.g., a schema for database 104)        -   database access information 222, such as access keys and/or            passwords for database 104        -   user profile information 224, including user information            and/or information about user access rights 226 (that            control access to database 104); and    -   data bookmarks 228 storage area 228; and    -   data analytics application 112, which may be executed by team        server 102 and accessed via a user interface of team server 102        and/or user device 210.

The above identified modules (e.g., data structures, and/or programsincluding sets of instructions) need not be implemented as separatesoftware programs, procedures or modules, and thus various subsets ofthese modules may be combined or otherwise re-arranged in variousembodiments. In some embodiments, memory 204 stores a subset of themodules identified above. Furthermore, the memory 204 may storeadditional modules not described above. In some embodiments, the modulesstored in memory 204, or a non-transitory computer readable storagemedium of memory 204, provide instructions for implementing respectiveoperations in the methods described below. In some embodiments, some orall of these modules may be implemented with specialized hardwarecircuits that subsume part or all of the module functionality. One ormore of the above identified elements may be executed by one or more ofprocessor(s) 202. In some embodiments, user device 110 includes one ormore processors (e.g., as described with regard to processor(s) 202) andmemory (e.g., as described with regard to memory 204), and one or moreof the modules described with regard to memory 204 is implemented onuser device 110.

The communication system 208 enables communication with local devices(e.g., database 104, local meta-model 118, and/or user device 110)and/or remote devices (e.g., devices accessed via a network such as theInternet, as indicated at 232, such as user device 116, applicationserver 124, and/or central server 128), via a wired and/or wirelessconnection. In some embodiments, communication system 208 includescomponents and/or instructions for a secure data connection 106 (e.g., adata connection protected by a firewall) for communication between teamserver 102 and one or more local devices. In some embodiments,communication system 208 includes components and/or instructions toenable communication of data from database 104 to remote devices (e.g.,local user computing device 110, remote user computing device 116,and/or central server 128) via a one-way secure data connection 122 thatcarries outgoing data from team server 102 but does not carry incomingdata into team server 102. In some embodiments, communication system 208includes components and/or instructions for communications via a virtualprivate cloud and/or virtual private network connection 120. In someembodiments, communications via connection 120 are isolated fromcommunications via data connections 106 and 122 that are secured withinthe private network 108 (e.g., secured by a firewall).

Communication bus 210 optionally includes circuitry (sometimes called achipset) that interconnects and controls communications between systemcomponents.

FIG. 3 is an illustrative schema for data stored by database 104, inaccordance with some embodiments. The schema shows tables that indicatethe structure of data in database 104 and relationships between thetables. The illustrative schema includes customers table 302, inventorytable 304, and rentals table 306. Customers table 302 includes columns“Customer_ID,” “First_Name,” “Last_Name,” “Address,” “City,” “Country”,and “Postal_Code.” Entries in the customers 302 table of database 104would include data for each column. The “Customer_ID” column ofcustomers table 302 is a primary key (PK), which indicates that eachentry in this “Customer_ID” column is unique. The “Customer_ID” columnof customers table 302 is a primary key that is also a foreign key (FK),which indicates the “Customer_ID” column is referenced by another table(e.g., rentals table 306).

While FIG. 3 illustrates a schema of a relational database, it will berecognized that data bookmarks as described herein may be generated fordifferent types of databases. In some embodiments, a database model(such as a model of a relational database as illustrated in FIG. 3) isconverted to a multidimensional database model for use by data analyticsapplications (such as applications 112 a and/or 112 b). In someembodiments, a meta-model that corresponds to the schema illustrated inFIG. 3 is stored by private network 108. For example, a meta-model thatcorresponds to the schema of database 104 is stored by local meta-model118. A meta-model maps information from a schema of database 104, suchas one or more columns of database 104, to aspects of the meta-model,such as one or more dimensions of the meta-model. In this way,applications are able to access data from database 104 via themeta-model. When the schema of database 104 is changed, the meta-modelis re-mapped to the updated schema of database 104, which allowsapplications that rely on the data from the database 104 to continue toreference the data from database 104 via the meta-model withoutrequiring updates to the application.

FIG. 4 illustrates a graphical user interface 400 of a data analyticsapplication 112, in accordance with some embodiments. For example,graphical user interface 400 is a graphical user interface for a dataanalytics application 112 executed by team server 102, a data analyticsapplication 112 a executed by user device 110, and/or a data analyticsapplication 112 b executed by user device 116. As indicated at 402, auser with the username “a.user” is accessing the data analyticsapplication. For example, the user “a.user” has been authenticated byteam server 102 and/or central server 128 to use the data analyticsapplication 112).

In some embodiments, graphical user interface 400 includes a dataanalytics display area 404 that displays data from database 104 and/ordata corresponding to (e.g., data calculated from or otherwise based on)data in database 104. Typically, the data shown in data analyticsdisplay area 404 is selected, filtered, ordered, or otherwise hasoperations performed on it such that a subset of the data from database104 is shown in a format that facilitates data analysis. For example, asshown at a first pivot field 406, the user has selected (for example,using selection tools provided by an interface of the data analyticsapplication 112) a first pivot “>customer>address>city>country.” As aresult, data from a country column from database 104 (such as thecountry column of customers table 302, as shown in the illustrativedatabase of FIG. 3) is displayed in data analytics display area 404, asshown at 408. As shown at a second pivot field 410, a second pivot“>Inventory>film>language Name” has been selected by the user. As aresult, data from a language name column from database 104 (such as thefilm_language column of inventory table 304) is displayed, as shown at412. As shown at drop down menu field 414, a metric “COUNT rental” hasbeen selected by the user. As a result, a “COUNT rental” function hasbeen performed on subset of the data from database 104 that correspondsto the intersection of the first pivot and the second pivot, as shown at416. In this way, the user interface improves the speed and efficiencywith which a user can access and analyze information from database 104about the number of films of a film language that have been rented bycustomers in a country.

Time period selection control 418, filters control 422, and segmentcontrol 424 provide further tools for selecting and analyzing data. Forexample, a user uses time period selection control 418 to restrict ascope of data (e.g., displayed in analytics display area 404) to datathat corresponds to the selected time range (e.g., as shown at 420).Filters control 422 is used to select one or more filters to apply (orthat will be available to apply) to data from database 104 (e.g., datathat corresponds to the intersection of the first pivot and the secondpivot). Segment control 424 is used for selection of a segment, which isa defined scope of data that corresponds to data in database 104 (e.g.,one or more columns, tables, dimensions, relations, metrics, filters,pivots, and/or functions applied and/or available to apply to database104). Examples of segments include e.g., paying users, non-paying users,etc.

In some embodiments, a control is provided for selecting a datapresentation format. For example, using drop down control 426, a usercan select to display a chart that corresponds to the subset of data. Insome embodiments, controls for adjusting a data presentation formatincludes controls to adjust ordering of data from database 104 and/ordata corresponding to database 104.

In some embodiments, the graphical user interface 400 includes a control428 for saving the defined scope of data (e.g., one or more columns,tables, dimensions, relations, metrics, filters, pivots, and/orfunctions applied and/or available to apply to database 104) and/or thestate of the selected subset of data (e.g., the presentation formatand/or application state) as a data bookmark. In this way, informationabout a subset of data from database 104 is stored for future referenceby the user. Further, the bookmark includes a pointer that, when sent toanother user, is usable to access the defined scope of data. In thisway, team server 102 is enabled to provide a user with information abouta defined scope of data that is available to a device that is outside ofa private network, while restricting transmission of data from database104 beyond the private network based on the defined scope of access.

In some embodiments, the graphical user interface 400 includes a control430 for exporting a bookmark. In some embodiments, export control 430 isused to export a link to a bookmark to users beyond a private network(e.g., a network of devices indicated by region 108 in FIG. 1).

FIG. 5 is an illustrative data structure of a data bookmark 500, inaccordance with some embodiments. A data bookmark 500 includes metadatafor dynamically generating queries of data from database 104. In someembodiments, data bookmark 500 is stored in bookmarks storage 228 ofmemory 204 (FIG. 2). Data bookmark 500 typically includes a pointer 502and a scope definition 504 that includes information defining a scope ofaccess to data from database 104 and/or data corresponding to data fromdatabase 104.

Pointer 502, is, e.g., a uniform resource locator (URL) or other link toa network location, device location, and/or file location.

Scope definition 504 includes information that defines a scope of accessto data that corresponds to data stored by one or more databases (e.g.,database 104) that are secured (e.g., by a firewall) in a privatenetwork (such as a private network including the devices indicated inregion 108 of FIG. 1). For example, the scope definition 504 indicatesone or more columns, tables, and/or dimensions of database 104; and/orone or more relations, metrics, filters, pivots, and/or functionsapplied to and/or available to apply to database 104. In someembodiments, the scope definition includes information identifying oneor more columns and/or one or more tables of one or more databases (suchas the illustrative schema information for database 104 illustrated inFIG. 3). In some embodiments, the scope definition references ameta-model 118 (e.g., a dimension of meta-model 118) that corresponds toa schema of database 104, rather than referencing the schema of database104. By referencing meta-model information that corresponds to a schemaof database 104, rather than directly referencing the schema of thedatabase 104, it is possible to change the underlying data and/or schemaof database 104 without affecting the functionality of data bookmark500.

In some embodiments, the scope definition 504 is defined by informationprovided via graphical user interface 400. For example, one or morepivots, filters, periods, metrics, and/or segments defined usingcontrols of graphical user interface 500 are used to indicate the scopedefinition 504 of bookmark 500.

In some embodiments, the scope definition 504 includes data stored bydatabase 104 (e.g., data in rows of tables 302, 304, and/or 306 ofdatabase 104, such as last names stored in the “Last_Name” column ofcustomers table 302).

In some embodiments, the scope definition 504 does not include data thatis stored by the one or more databases (e.g., database 104) that aresecured in the private network 108 (e.g., the scope definition 504 doesnot include data that is stored in rows of tables 302, 304, and/or 306of database 104). For example, the data that corresponds to data storedby one or more databases, as defined by scope definition 504, includesinformation that is calculated based on data that is stored by one ormore databases (e.g., a total number of customers for which aCustomer_ID is stored in the Customers table 302), includes informationthat indicates one or more types of data stored by the database (e.g., adatatype of one or more columns of the one or more databases, such as a“VARCHAR” data type for the Last_Name column of Customers table 302),and/or includes a column name that corresponds to (but is differentfrom) a column name in the schema of the database (e.g., the name“Surname,” which is mapped to the Last_Name column of Customers table302), without including any of the underlying data from the database(e.g., from the rows of the database). In this way, a user that isoutside of the private network 108 is provided with access toinformation that is based on data stored in private network 108 withoutbeing provided access to data stored in database 104. In this way,information about the raw data stored by the database and/or informationabout the database schema is hidden from users that are outside ofprivate network 108.

In some embodiments, application 112 uses a data bookmark 500 to accessdata defined by scope definition 504 on behalf of the user. For example,when a user of application 112 a and/or 112 b is authenticated, a teamserver 102 authorizes access to all bookmarks stored by team server 102to which a user has been granted access (e.g., as indicated by useraccess rights 226 and/or access information stored by bookmark 500).

In some embodiments, application 112 holds an authorization key (APIkey) that defines a set of accessible resources. For example, when auser is granted access to application 112 a and/or 112 b, application112 uses its key (e.g., access token 508) to access a data bookmark 500stored by team server 102.

Scope definition 504 is described further below with regard to FIGS.6A-6C.

In some embodiments, data bookmark 500 includes an access token 508. Anaccess token is used to restrict access to a data bookmark 500 stored byteam server 102. For example, a token limits data bookmark 500, e.g., toone-time use, a defined number of uses, and/or use during a defined timeperiod. In some embodiments, a token is included in pointer 502 (e.g.,as a string of digits appended to a URL). A token is generated by, e.g.,team server 102, central server 128, and/or a third party service 140(e.g., an authentication service such as AuthO). For example, at thetime a bookmark is generated, the device generating the bookmark (e.g.,user device 110 and/or team server 102) sends a request via team serverAPI 114 (and/or central server API 130) to a third party service 140 fora token 508. A token generated by the third party service 140 isreceived by the requesting device and incorporated into the bookmark 500(e.g., as a part of bookmark pointer 502).

In some embodiments, data bookmark 500 includes application specificinformation 510. For example, application specific information includesinformation about how data from database 104 is displayed. Displayinformation includes, e.g., a data presentation format, such as chart,graph, and/or table and/or ordering information for one or more sets ofdata.

In some embodiments, data bookmark 500 includes a snippet 512. A snippet512 is a preview of data that is associated with scope definition 504 ofbookmark 500. In some embodiments, a snippet 512 includes a preview of aportion, less than all, of data from database 104 as defined by scopedefinition 504 (e.g., scope definition 504 includes data from database104 that would span multiple displayed pages of a graphical userinterface 400 of application 112, and snippet 512 includes a preview ofdata that would be displayed on a single displayed page). In someembodiments, a snippet 512 is a graphical presentation of a preview ofdata associated with scope definition 504, such as a table, chart, arrayof values, and/or single example of the data that corresponds to scopedefinition 504. In some embodiments, a snippet 512 in a preview ofdatatypes that are associated with scope definition 504 of bookmark 500.Snippet 512 includes, e.g., data that is stored in rows of database 104and/or data that is determined based on (e.g. calculated from) orotherwise associated with data stored in rows of database 104.

In some embodiments, bookmark 500 stores a snippet link 514 (e.g., asnippet URL that is distinct from a pointer link 502) that correspondsto snippet 512. For example, when a user device 110 uses a snippet link514 to request a snippet 512 from team server 102, team server 102provides snippet 512 to the user device 110. In some embodiments, asnippet 512 is transmitted from team server 102 and/or user device 110to a remote device 116 (in lieu of and/or in addition to snippet link514). In some embodiments, user authentication and/or token verificationis required to access the data indicated by the scope definition 504 ofbookmark 500, while displaying the snippet 512 does not require userauthentication and/or token verification.

In some embodiments, access to data indicated by the scope definition504 is limited to access within data analytics application 112, whereassnippet 512 is accessible without executing application 112. Forexample, when a local user of private network 108 sends a snippet link514 to a remote user, the remote user can view the snippet link in anapplication via which the snippet link was received (e.g., e-mail,messaging protocol, and/or social network application) In this way, auser is provided with a snapshot view of the data associated withbookmark 500 without needing perform user authentication and/oraccessing data analytics application 112. In some embodiments, thesnippet 512 includes an amount of data that does not exceed the amountof data that can be simultaneously displayed on the user interface (forexample, when the data defined by the scope of access includes multiplepages of data, the snippet includes a first page of the multiple pagesof data). In another example, the snippet includes data that is theresult of applying one or more filters, functions, and/or presentationformats to data defined by scope definition 504.

In some embodiments, the information for displaying a snippet 512includes different graphical preview information tailored to differentapplications (e.g., the information for displaying a snippet includes afirst snippet with a first snippet format for a first application and asecond snippet with a second snippet format that is different from thefirst snippet format for a second application).

In some embodiments, data bookmark 500 includes identificationinformation 510. For identification information 510 includes, e.g., abookmark name, a bookmark type, one or more projects associated with thebookmark 500 and/or one or more users associated with the bookmark 500.

In some embodiments, data bookmark 500 and/or team server 102 may storeaccess information to provide applications with access to data bookmark500 on an application by application basis.

FIGS. 6A-6C are flow diagrams illustrating a method 600 for distributinga data bookmark 500, in accordance with some embodiments. The method 600is performed at a device, such as team server 102 and/or user device110. For example, instructions for performing the method 600 are storedin the memory 204 (or a memory of user device 110) and executed by theprocessor(s) 202 of the team server 102 (or a processor of user device110). The device is secured (e.g., by a firewall) in a private network108.

The device receives (602), by a user interface of a device (e.g.,graphical user interface 400), a scope definition that includesinformation that defines a scope of access to data that corresponds todata stored by one or more databases that are secured (e.g., by afirewall) in the private network 108. For example, a user designates ascope of access to data using one or more controls (e.g., pivot controls406 and/or 410, metrics control 414, period control 418, filters control422, segments control 424, and/or data presentation control 426) ofgraphical user interface 400.

In some embodiments, bookmark 500 includes metadata that enables queriesto be performed on data referenced by the scope definition 504. Forexample, a query performed on data referenced by the scope definitionretrieves a dataset that includes, e.g., a query definition, a resultmetadata definition (indicating identification information for eachcolumn and/or dimension and the relationship between the query and thecolumn and/or dimension), and data from database 104 (and/or data basedon data from database 104) in a requested format. In some embodiments, abookmark 500 enables enacting an execution plan that includes aplurality of SQL statements. An example execution plan is providedbelow.

In some embodiments, a data bookmark 500 allows a user to override aparameter of scope definition 504. For example, a user may be enabled toadd or remove, e.g., a column, dimension, metrics, function, and/orfilter to scope definition 504.

In some embodiments (604), scope definition 504 includes informationthat indicates a portion, less than all, of the data stored by the oneor more databases (e.g., database 104). For example, a portion, lessthan all, of the data stored by the one or more databases includes datafrom (and/or data determined based on) one or more of a column, a set ofcolumns, a table, a set of tables, a database, a set of databases,and/or a view that includes data from one or more tables from one ormore databases. In some embodiments, the scope definition includesinformation about part or all of the data model of one or moredatabases.

In some embodiments, the scope definition includes information that mapsto part or all of the data model of one or more databases. For example,the scope definition references a meta-model (e.g., local meta-model118) that includes a representation of data stored by one or moredatabases. In some embodiments, a scope definition that references localmeta-model 118 indicates, e.g., a domain, dimension, metric, filter,and/or function of the meta-model 118 (and/or applicable to themeta-model 118). By storing information that references the meta-modelin data bookmark 500, a subset of the data from the one or moredatabases can be made available (e.g., to a remote user outside privatenetwork 108) via data bookmark 500 without exposing information aboutthe database schema to the remote user. An application that uses a databookmark 500 that references a meta-model 118 (rather than the databaseschema) is readily portable to a different database or schema, and isnot impacted by database changes.

In some embodiments, scope definition 504 includes (606) includes one ormore filters that are available to be applied to the portion, less thanall, of the data stored by the one or more databases (as described withregard to 604). For example, the one or more filters include, e.g., afirst filter that corresponds to a first film title stored in a firstrow of the Film_Title column of inventory table 304 of database 104 anda second filter that corresponds to a second film title stored in asecond row of the Film_Title column of inventory table 304 of database104. In this illustrative example, a user is able to select to apply thefirst filter, the second filter, or both the first filter and the secondfilter to the portion of data stored by the one or more databases.

In some embodiments, (608) scope definition 504 includes informationthat indicates at least one value determined by performing at least oneoperation on data stored by the one or more databases. For example,operations on the data stored by the one or more databases (e.g.,database 104) include metrics and functions, e.g., ABS, ACOS, ASC, ASIN,ATAN, AVG, COALESCE, CONCAT, COUNT, COUNT DISTINCT (e.g., to return anumber of distinct rows), DISTINCT, DESC, EXP, GREATEST, LEAST, LN, LOG,MAX, MEDIAN, MIN, MINUS, NULLIF, SIN, SQRT, STDDEV, SUM, TAN, and/orcustom metrics and/or functions. In some embodiments, operations on thedata stored by the one or more databases (e.g., database 104) includeother calculations performed using the data stored by the one or moredatabases, such as a custom (e.g., user defined) operation, a rollupoperation and/or a comparison operation. In some embodiments, the scopedefinition includes information that indicates one or more operationsthat are available to be performed on data stored by the one or moredatabases, such as the operations described above.

In some embodiments, scope definition 504 includes a filter that isbased on a value stored in a database (e.g., the value is included inthe scope definition).

In some embodiments, scope definition 504 includes a filter that isbased on a relative value (e.g., a relative value for defining atimeframe, such as “the last three months (from today)”). A relativevalue depends on the state of database 104 at a particular time and iscomputed when the bookmark is evaluated (e.g., when the bookmark isaccessed by application 112).

In some embodiments, scope definition 504 includes a filter that isbased on a formula (e.g., a formula using one or more operations asdescribed above, and/or a formula that defines a segment). In someembodiments, a formula is encapsulated in meta-model 118 such that theformula is not exposed in the scope definition of the data bookmark 500.

In some embodiments, scope definition 504 includes a filter that isapplied based on user parameters in accordance with user authenticationperformed (e.g., by a third party service 140) for a user. For example,if user parameters (e.g., stored in user information storage 134)indicate limits on the data that a user is able to access, such as “datafrom the past week,” the user parameter filter may be applied inaddition to any filters of the scope definition.

The device generates (610) a pointer 502 (e.g., a link, such as auniform resource locator (URL)) for the data bookmark 500. In someembodiments, the pointer 502 includes an access token 508. For example,the device obtains (e.g., receives from a remote source, such as thirdparty service 140, or generates, e.g., at team server 102) access token508. In some embodiments, access token 508 includes a cryptographic key.In some embodiments, access token 508 is activated for a defined periodof time. For example, when a user device 116 uses pointer 502 to requestaccess to content defined by a data bookmark 500 at team server 102,team server 102 analyzes access token 508 of pointer 502 to determinewhether the time of the request is within a defined period of time foraccess token 508, and responds to the request accordingly. In someembodiments, access parameters associated with access token 508 areadjustable. For example, access to a data bookmark 500 may be revoked bychanging a parameter stored by team server 102 (e.g., at database accessinformation 222). When a user device 116 uses pointer 502 to requestaccess to content defined by a data bookmark 500 at team server 102,team server 102 analyzes access token 508 of pointer 502 to determinewhether access to data bookmark 500 has been granted or revoked, andresponds to the request accordingly.

The device generates (612) the data bookmark 500 using the scopedefinition 504 and the pointer 502. In some embodiments, the databookmark 500 is generated in response to user input at detected atcontrol 428 of graphical user interface 400 (e.g., to store a databookmark 500 that is based on the parameters indicated in graphical userinterface 400).

In some embodiments, the data bookmark 500 includes (614) applicationstate information (e.g., stored in data bookmark 500 as applicationspecific information 510). Whereas scope definition 504 of data bookmark500 indicates a range of information that is accessible by bookmark 500,application state information of data bookmark 500 includes, e.g., oneor more filters, functions, range limits, sort order, and/orpresentation format for presenting part or all of the informationindicated by scope definition 504. For example, when a scope definition504 includes multiple filters that are available to be applied to datafrom database 104, application state information indicates a particularfilter of the multiple filters that is applied to the data from database104 when the application 112 (initially) uses data bookmark 500. A useris then able to use application 112 to apply additional or differentfilters from scope definition 504 to change the presentation of data inapplication 112.

In some embodiments, data bookmark 500 includes (616) information (e.g.,snippet link 514) for displaying a snippet 512 that is based the scopeof access to the data that is defined by the scope of access to the datastored by the one or more databases. In some embodiments, For example, asnippet 512 is a graphical preview of data accessible via data bookmark500.

In some embodiments, the information for displaying a snippet 512includes a snippet link URL 514 that corresponds to the snippet. Forexample, data bookmark 500 includes a first URL for pointer 502 and asecond URL 514 for snippet 512.

The device stores (618), by the device that is secured in the privatenetwork, the generated data bookmark 500. For example, the generateddata bookmark 500 is stored in bookmarks storage 228 of memory 204 ofteam server 102, as illustrated by FIG. 2. Team server 102 is a devicewithin private network region 108, which is secured, e.g., by a firewallof the private network 108.

The device transmits (620) information about the data bookmark 500,including the pointer 502 for the data bookmark 500, to at least oneremote device at a remote location that is outside of the privatenetwork (e.g., to a device beyond region 108, such as user device 116and/or central server 128). In some embodiments, the transmittedinformation about the data bookmark 500 includes snippet link 514. Forexample, a user within private network 108 (e.g., a user of local device110) transmits pointer 502 to a user outside of private network 108(e.g., a user of remote user device 116), e.g., via e-mail, messagingservice, a social network, and/or within application 112. In someembodiments, pointers 502 are exchangeable between local users withinprivate network 108. In some embodiments, pointers 502 are exchangeablebetween remote users outside of private network 108.

Pointer 502 and/or snippet link 514, when transmitted to the at leastone remote device at the remote location outside private network 108, isstored for use by a user (e.g., by memory of a user device 116) and/orby an application (such as a data analytics application 112 b thatdisplays a visual representation of some or all of the data (or based onthe data) defined by scope definition 504 of the data bookmark 500).

In some embodiments, when a user attempts to access data bookmark 500using pointer 502, team server API 114 evaluates a token embedded inpointer 502 to determine whether to authorize access to the data definedby scope definition 504 of data bookmark 500. In some embodiments, whena user attempts to access data bookmark 500 using pointer 502, teamserver API 114 performs authentication of the requesting user todetermine whether to authorize access to the data defined by scopedefinition 504 of data bookmark 500. For example, team server API 114sends a request to central server API 130 for central server 128 toperform the user authentication.

In some embodiments, at least some information associated with databookmark 500 is not transmitted to a remote device beyond privatenetwork 108 when the bookmark pointer 502 and/or bookmark snippet link514 are transmitted to the remote device. For example, scope definitioninformation 504 is not transmitted to a remote device when the bookmarkpointer 502 and/or bookmark snippet link 514 are transmitted to theremote device. Rather, when data bookmark 500 stored by team server 102is accessed by a user device (e.g., remote user device 116), team server102 uses scope definition information 504 to determine data that will beprovided to a remote user. In this way, scope definition information 504of data bookmark 500, and database schema information and/or meta-modelinformation referenced by scope definition information 504 is protected.Further, when scope definition information 504 is altered at team server102, bookmark 500 remains accessible to remote users that possesspointer 502.

In some embodiments, after transmitting the information about thegenerated data bookmark 500 to the at least one device (e.g., userdevice 116) at the remote location that is not secured in the privatenetwork, the device receives (622), by the user interface (e.g.,graphical user interface 400) of the device (e.g., team server 102and/or user device 110) that is secured in the private network 108,input that alters the scope definition 504. For example, the scopedefinition 504 is expanded to include one or more additional columns,tables, dimensions, relations, metrics, filters, pivots, and/orfunctions applied and/or available to apply to database 104; reduced toexclude one or more columns, tables, dimensions, relations, metrics,filters, pivots, and/or functions applied and/or available to apply todatabase 104; and/or revised to include a different set of columns,tables, dimensions, relations, metrics, filters, pivots, and/orfunctions applied and/or available to apply to database 104.

The device that is secured in the private network (e.g., team server102) stores (624) a revised data bookmark that includes the alteredscope definition (504). For example, team server 102 stores the reviseddata bookmark in bookmarks storage 228 of memory 204 of team server 102,as illustrated by FIG. 2.

The device transmits (626) information about the revised data bookmark,including the pointer 502 for the revised data bookmark (and/or asnippet link 514 for the revised data bookmark), to the at least oneremote device at the remote location (e.g., user device 116) that isoutside of the private network 108. In this way, a data bookmark 500that is used by an application (e.g., data analytics application 112 b)on a remote device can be revised with minimal impact on thefunctionality of application 112 b.

In some embodiments, the device stores (628), by the device that issecured in the private network (e.g., team server 102), a plurality ofdata bookmarks that includes the generated data bookmark 500. Forexample, the plurality of data bookmarks are stored in bookmarks storage228 of memory 204 of team server 102, as illustrated by FIG. 2. In someembodiments, information (e.g., bookmark identification information 516and/or bookmark snippet links 514) for at least a subset of theplurality of bookmarks in bookmarks storage 228 are exposed to a remotedevice (e.g., user device 116) via team server API 114. In this way, aremote device can request access to information associated with one ormore bookmarks exposed via team server API 114 (e.g., to allow a user toperuse available bookmarks). In some embodiments, a subset of theplurality of bookmarks that are made available to a remote device byteam server API 114 are limited in accordance with user accessparameters (e.g., as stored by user information storage 134 of centralserver 128 and/or bookmark identification information 516).

The device receives (630) a request to provide a subset of databookmarks from the plurality of data bookmarks 228 that includes thegenerated data bookmark 500. For example, the request is generated by auser (e.g., of user device 116 and/or user device 110) and/or by anapplication (e.g., data analytics application 112 a and/or dataanalytics application 112 b).

In response to the request, the device transmits information thatcorresponds to (632) the subset of data bookmarks (e.g., bookmarkidentification information 516 and/or snippet link 514), e.g., inaccordance with access privilege information associated with the subsetof data bookmarks and/or category information associated with the subsetof data bookmarks. For example, in some embodiments, only bookmarksassociated with a particular user and/or including particularinformation in bookmark identification information 516 are transmittedin response to the request.

An example of a data bookmark 500 is provided below.

{ “id”: { “projectId”: “dvdrental”, “bookmarkId”:“57d04fcd2dbe0c568819efa7” }, “path”: “/USER/546ca9680cf2d158717dc0a3”,“config”: { “bookmark”: null, “project”: “dvdrental”, “selection”: {“facets”: [ { “selectedItems”: [ { “type”: “i”, “lowerBound”:“2005-10-08T00:00:00.000+0000”, “upperBound”:“2015-10-31T00:00:00.000+0000” } ], “dimension”: { “id”: { “projectId”:“dvdrental”, “domainId”: “public:rental”, “dimensionId”:“e433950730abcb33c56e4b3de28f4ed64ef92c24c0523b36f6c8afc9561fec96” },“type”: “CONTINUOUS”, “expression”: { “value”: “to_date(‘rental_date’)”,“level”: 0 }, “parentId”: null, “attributes”: [ ], “visible”: true,“valueType”: “DATE”, “dynamic”: false, “oid”:“e433950730abcb33c56e4b3de28f4ed64ef92c24c0523b36f6c8afc9561fec96”,“objectType”: “Dimension”, “_role”: “OWNER”, “_children”: [ “attributes”], “name”: “Rental_Date” }, “id”:“@‘public:rental’.@‘e433950730abcb33c56e4b3de28f4ed64ef92c24c0523b36f6c8afc9561fec96’” }, { “selectedItems”: [ { “id”: “India”, “type”: “v”, “value”:“India” } ], “dimension”: { “id”: { “projectId”: “dvdrental”,“domainId”: “public:address”, “dimensionId”: “56eae20115abcc05b0e2b8b1”}, “type”: “CATEGORICAL”, “expression”: { “value”:“‘city’.‘country’.#‘country’”, “level”: 0 }, “parentId”: null,“attributes”: [ ], “visible”: true, “valueType”: “STRING”, “dynamic”:false, “oid”: “56eae20115abcc05b0e2b8b1”, “objectType”: “Dimension”,“_role”: “OWNER”, “_children”: [ “attributes” ], “name”: “Country” },“id”:“@‘public:rental’.@‘575063ad20297b4a3bd2c6f3d14e132603106d61b821422d9b561301830e1e8c’.@‘e2fb87ae8373f317b6035f412a9c1af89b1a4d8ae915e00ef958da5ad7def2fb’.@‘56eae20115abcc05b0e2b8b1’” } ], “compareTo”: [ ] }, “orderBy”: [ {“direction”: “DESC”, “expression”: { “value”:“@‘public:rental’.[measure:‘COUNT rental’]” } } ], “customer”:“51adbb070cf2749bfccf2569”, “domain”: “public:rental”,“currentAnalysis”: “tableAnalysis”, “availableDimensions”: [“@‘public:rental’.@‘f8d7ac83fPb9e6ec72967ab596da208f5a42fb4b996b21b0fc3e0b57263754dd’”, “@‘public:rental’.@‘56b1eaf015abcc3b4f3c2de4’”,“@‘public:rental’.@‘56b3331b15abcc3b4f3c3cbe’”,“@‘public:rental’.@‘e433950730abcb33c56e4b3de28f4ed64ef92c24c0523b36f6c8afc9561fec96’”,“@‘public:rental’.@‘c94447918967fabec1a88e66bc758095c254a8d6b58762f599bb528060fb2c70’”,“@‘public:rental’.@‘575063ad20297b4a3bd2c6f3d14e132603106d61b821422d9b561301830e1e8c’.@‘e2fb87ae8373f317b6035f412a9c1af89b1a4d8ae915e00ef958da5ad7def2fb’.@‘d347526835e5eb573c913b81b448b742286c05564d68399137b1e7437a9cb2df’.@‘9519368433d91f9818ce3e380bd4b7a18584336da11368b9e5b7371d1dab71a8’.@‘2046e5935e6082b28044c36a5f8aaaa90ece6578c565fabd210a0bda5028e139’”,“@‘public:rental’.@‘575063ad20297b4a3bd2c6f3d14e132603106d61b821422d9b561301830e1e8c’.@‘e2fb87ae8373f317b6035f412a9c1af89b1a4d8ae915e00ef958da5ad7def2fb’.@‘d347526835e5eb573c913b81b448b742286c05564d68399137b1e7437a9cb2df’.@‘b03fba2af583180d5689a93e157d0c4a08e614cb405a2baf682b840366337f0e’”,“@‘public:rental’.@‘575063ad20297b4a3bd2c6f3d14e132603106d61b821422d9b561301830e1e8c’.@‘e2fb87ae8373f317b6035f412a9c1af89b1a4d8ae915e00ef958da5ad7def2fb’.@‘6bdbfdeb773a582da6c7cffcd384ec4a232dca166b77c96b4fdcd302955814b6’”,“@‘public:rental’.@‘575063ad20297b4a3bd2c6f3d14e132603106d61b821422d9b561301830e1e8c’.@‘e2fb87ae8373f317b6035f412a9c1af89b1a4d8ae915e00ef958da5ad7def2fb’.@‘15a2d39a917bd8a5db61ca8c33213a831d98533c21a28366890082a9f5db531a’”,“@‘public:rental’.@‘575063ad20297b4a3bd2c6f3d14e132603106d61b821422d9b561301830e1e8c’.@‘e2fb87ae8373f317b6035f412a9c1af89b1a4d8ae915e00ef958da5ad7def2fb’.@‘56eae21715abcc05b0e2b8b7’”,“@‘public:rental’.@‘575063ad20297b4a3bd2c6f3d14e132603106d61b821422d9b561301830e1e8c’.@‘e2fb87ae8373f317b6035f412a9c1af89b1a4d8ae915e00ef958da5ad7def2fb’.@‘56eae20115abcc05b0e2b8b1’”,“@‘public:rental’.@‘575063ad20297b4a3bd2c6f3d14e132603106d61b821422d9b561301830e1e8c’.@‘e2fb87ae8373f317b6035f412a9c1af89b1a4d8ae915e00ef958da5ad7def2fb’.@‘5e8273dab115ea1de401716d27a2f1035d4ef8b0fc881bd8afbd4100bdaef8ee’”,“@‘public:rental’.@‘575063ad20297b4a3bd2c6f3d14e132603106d61b821422d9b561301830e1e8c’.@‘e2fb87ae8373f317b6035f412a9c1af89b1a4d8ae915e00ef958da5ad7def2fb’.@‘bdb5486f29a4683fb96de5421005edddce340f6f1c46ee3f11dcb014314157f0’”,“@‘public:rental’.@‘575063ad20297b4a3bd2c6f3d14e132603106d61b821422d9b561301830e1e8c’.@‘e2fb87ae8373f317b6035f412a9c1af89b1a4d8ae915e00ef958da5ad7def2fb’.@‘3ff1c7de69856117ce45d4b71d0e3eb00343904c7c3ae4630b827883df8edea2’”,“@‘public:rental’.@‘575063ad20297b4a3bd2c6f3d14e132603106d61b821422d9b561301830ele8c’.@‘56eae1b415abcc05b0e2b879’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘2560c97ba45d46997b0665e266b84b10b30f9a96aa2c27723d754dbcdf2fdb55’.@‘4dd3aea014d8ded2c1f96f68e45edd1b5443305f7d4190d23517997e71af8ef9’.@‘b70a47718e3c703eb1514042b6612d4fd1e20c355fcd23a0999c49e42ec979cb’.@‘42492f1742ac0b030017a207a89c86425b470e8a6e95a277475da35ed3bb108c’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘2560c97ba45d46997b0665e266b84b10b30f9a96aa2c27723d754dbcdf2fdb55’.@‘4dd3aea014d8ded2c1f96f68e45edd1b5443305f7d4190d23517997e71af8ef9’.@‘b70a47718e3c703eb1514042b6612d4fd1e20c355fcd23a0999c49e42ec979cb’.@‘56eae17215abcc05b0e2b859’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘2560c97ba45d46997b0665e266b84b10b30f9a96aa2c27723d754dbcdf2fdb55’.@‘4dd3aea014d8ded2c1f96f68e45edd1b5443305f7d4190d23517997e71af8ef9’.@‘b70a47718e3c703eb1514042b6612d4fd1e20c355fcd23a0999c49e42ec979cb’.@‘0de48f425df6eedeae51d479d8aeca4d548622645e2117fc39f69d1ee882d18a’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘2560c97ba45d46997b0665e266b84b10b30f9a96aa2c27723d754dbcdf2fdb55’.@‘4dd3aea014d8ded2c1f96f68e45edd1b5443305f7d4190d23517997e71af8f9’.@‘b70a47718e3c703eb1514042b6612d4fd1e20c355fcd23a0999c49e42ec979cb’.@‘26da82a608ec4a3715d1ca78c59815342cf060c8ee94dee81a34b6ab8a1ae5e6’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘2560c97ba45d46997b0665e266b84b10b30f9a96aa2c27723d754dbcdf2fdb55’.@‘0a23e304c8b18d97e6b282db96a4fb54010ae04f052d0070e18ec9c785a9eb7c’.@‘e41e3cf0c831cd61cd60b480db925def049537b4faebe60c82179bf75d5a674b’.@‘a1b33bc1eef1e383d9777386b8f994ae976f00c1b9616bf2eb682835524a670a’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘2560c97ba45d46997b0665e266b84b10b30f9a96aa2c27723d754dbcdf2fdb55’.@‘0a23e304c8b18d97e6b282db96a4fb54010ae04f052d0070e18ec9c785a9eb7c’.@‘e41e3cf0c831cd61cd60b480db925def049537b4faebe60c82179bf75d5a674b’.@‘d8123a553ada5d35ed87481626c9a5235b2988309b39183581e7e6400dababe6’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘2560c97ba45d46997b0665e266b84b10b30f9a96aa2c27723d754dbcdf2fdb55’.@‘9344208045db08c9e255bddd27c77c4c82c19aa0bfe30185b8900868f3754115’.@‘a74cc2dd81b4356fe19757764c9d99f5fde55c2eb74a30a736b5a408ae32e82a’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘2560c97ba45d46997b0665e266b84b10b30f9a96aa2c27723d754dbcdf2fdb55’.@‘9549bba37cb941c2895233f867300784aeb89095d1e8b47b0b5abbbd27856961’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘2560c97ba45d46997b0665e266b84b10b30f9a96aa2c27723d754dbcdf2fdb55’.@‘58faf93 ce6c9fc6fe9c56d15e6136b6c446061a76e198e8269077451fddb8c03’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘2560c97ba45d46997b0665e266b84b10b30f9a96aa2c27723d754dbcdf2fdb55’.@‘728f141f13048c715c3fc1e1488220816df82eea85ed6968f66376dc91d83ac7’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘2560c97ba45d46997b0665e266b84b10b30f9a96aa2c27723d754dbcdf2fdb55’.@‘2a4d0612ee4b0c3b1f7eda77a7748df09a43e4d5c02fa7d859f6d4c638157c00’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘2560c97ba45d46997b0665e266b84b10b30f9a96aa2c27723d754dbcdf2fdb55’.@‘2d07664d7547ba4f05f7bcbc27365995510e7d87875009dbf4a237732bd2b3c4’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘2560c97ba45d46997b0665e266b84b10b30f9a96aa2c27723d754dbcdf2fdb55’.@‘576ba37e15abcc520afb77ab’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘2560c97ba45d46997b0665e266b84b10b30f9a96aa2c27723d754dbcdf2fdb55’.@‘62f73246761273d1fa2237b462d74f8f35ef767abeda11328e44bb7a9b4adac6’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘04b514783d41562326099b1c4b61f968c5abf7f08e4ce46a5a4bf54a4c37f5c6’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘128459e35915c95facabc0965ef3d43d1a4d08e19bcf3dd50d7ed9feaae994be’”], “availableMetrics”: [“141445ddce0bb5fb3128f26150fdd8bdce87dea31447bc4ca825b75f50870d74”,“51d6c15e9e1c9576e88974c8f0a042adea5810680f195995ec21baf390b0efa0”,“5666a17515abcc53ff1d1f13”, “5666a32015abcc53ff1d1f5b”,“56b3323e15abcc3b4f3c3c5c”, “56b3328615abcc3b4f3c3caa”,“56b332c615abcc3b4f3c3cb4”,“b47681ec524c6b1ead41ccb7886eab52aa24559433af76d31e30a1948d02de4a” ],“chosenDimensions”: [“@‘public:rental’.@‘575063ad20297b4a3bd2c6f3d14e132603106d61b821422d9b561301830e1e8c’.@‘e2fb87ae8373f317b6035f412a9c1af89b1a4d8ae915e00ef958da5ad7def2fb’.@‘56eae20115abcc05b0e2b8b1’”,“@‘public:rental’.@‘4b30f7756d52be710ef582fe9c74fdf722bb423efb3d190333ec77be6a003424’.@‘2560c97ba45d46997b0665e266b84b10b30f9a96aa2c27723d754dbcdf2fdb55’.@‘62f73246761273d1fa2237b462d74f8f35ef767abeda11328e44bb7a9b4adac6’” ],“chosenMetrics”: [“141445ddce0bb5fb3128f26150fdd8bdce87dea31447bc4ca825b75f50870d74” ],“limit”: 1000, “maxResults”: 10, “startIndex”: 0, “period”: {“public:rental”:“@‘public:rental’.@‘e433950730abcb33c56e4b3de28f4ed64ef92c24c0523b36f6c8afc9561fec96’” } }, “bbid”: “dvdrental:57d04fcd2dbe0c568819efa7”, “dynamic”:false, “oid”: “57d04fcd2dbe0c568819efa7”, “objectType”: “Bookmark”,“_role”: “OWNER”, “name”: “Adrien's bookmark” }

An example of a pointer 502 for a data bookmark 500 is provided below.The pointer 502 includes an access token 508 (accesstoken=6a43f8b1-92a1-4a25-bf0c-e039b65b03c4):

https://api.squidsolutions.com/staging/v4.2/analytics/@‘dvdrental’.@bookmark:‘57d04fcd2dbe0c568819efa7’/query?period=%27Rental_Date%27&timeframe=2005-10-08&timeframe=2015-10-31&compareTo=&compareTo=&filters=%27customer%27.%27address%27.%27Country%27%3D%22India%22&filters=&groupBy=%27customer%27.%27address%27.%27Country%27&groupBy=%27inventory%27.%27film%27.%27Title%27&groupBy=&metrics=%27COUNT+rental%27&metrics=&orderBy=DESC%28%27COUNT+rental%27%29&orderBy=&limit=10&maxResults=100&startIndex=0&style=HTML&access_token=6a43f8b1-92a1-4a25-bf0c-e039b65b03c4

An example of a snippet 512 that corresponds to bookmark 500 is providedin FIG. 7.

An example of SQL code that corresponds to snippet 512 and bookmark 500follows:

/* computing KPI ‘COUNT rental’ */ SELECT       -- >customer >addressCountry (Dimension) a5.“country” AS “customer_address_country”     ,      -- >inventory >film Title (Dimension) a7.“title” AS“inventory_film_title”     ,       -- COUNT rental (Metric) COUNT(*) AS“count_rental” FROM       “public”.“rental” a1  LEFT OUTER JOIN“public”.“customer” a2  LEFT OUTER JOIN “public”.“address” a3  LEFTOUTER JOIN “public”.“city” a4  LEFT OUTER JOIN “public”.“country” a5 ON (a5.“country_id”=a4.“country_id”) ON (a4.“city_id”=a3.“city_id”) ON(a3.“address_id”=a2.“address_id”) ON (a2.“customer_id”=a1.“customer_id”) LEFT OUTER JOIN “public”.“inventory” a6  LEFT OUTER JOIN“public”.“film” a7 ON  (a7.“film_id”=a6.“film_id”) ON(a6.“inventory_id”= a1.“inventory_id”) WHERE       (-- filtering on:Rental_Date (((CAST(a1.“rental_date” AS DATE)>=DATE ‘2005-10-08 ANDCAST(a1.“rental_date” AS DATE)<=DATE ‘2015-10-31’))))     AND       (--filtering on: >customer >address Country (a5.“country”=‘India’)) GROUPBY a5.“country”, a7.“title” ORDER BY       “count_rental” DESC LIMIT 5

Features of the present invention can be implemented in, using, or withthe assistance of a computer program product, such as a storage medium(media) or computer readable storage medium (media) having instructionsstored thereon/in which can be used to program a processing system toperform any of the features presented herein. The storage medium (e.g.,memory 204) can include, but is not limited to, high-speed random accessmemory, such as DRAM, SRAM, DDR RAM or other random access solid statememory devices, and may include non-volatile memory, such as one or moremagnetic disk storage devices, optical disk storage devices, flashmemory devices, or other non-volatile solid state storage devices.Memory 204 optionally includes one or more storage devices remotelylocated from the CPU(s) 202. Memory 204, or alternatively thenon-volatile memory device(s) within memory 204, comprises anon-transitory computer readable storage medium.

Stored on any one of the machine readable medium (media), features ofthe present invention can be incorporated in software and/or firmwarefor controlling the hardware of a processing system, and for enabling aprocessing system to interact with other mechanism utilizing the resultsof the present invention. Such software or firmware may include, but isnot limited to, application code, device drivers, operating systems, andexecution environments/containers.

Communication systems as referred to herein (e.g., communication system208) optionally communicate via wired and/or wireless communicationconnections. Communication systems optionally communicate with networks,such as the Internet, also referred to as the World Wide Web (WWW), anintranet and/or a wireless network, such as a cellular telephonenetwork, a wireless local area network (LAN) and/or a metropolitan areanetwork (MAN), and other devices by wireless communication. Wirelesscommunication connections optionally use any of a plurality ofcommunications standards, protocols and technologies, including but notlimited to Global System for Mobile Communications (GSM), Enhanced DataGSM Environment (EDGE), high-speed downlink packet access (HSDPA),high-speed uplink packet access (HSUPA), Evolution, Data-Only (EV-DO),HSPA, HSPA+, Dual-Cell HSPA (DC-HSPDA), long term evolution (LTE), nearfield communication (NFC), wideband code division multiple access(W-CDMA), code division multiple access (CDMA), time division multipleaccess (TDMA), Bluetooth, Wireless Fidelity (Wi-Fi) (e.g., IEEE 102.11a,IEEE 102.11ac, IEEE 102.11ax, IEEE 102.11b, IEEE 102.11g and/or IEEE102.11n), voice over Internet Protocol (VoIP), Wi-MAX, a protocol fore-mail (e.g., Internet message access protocol (IMAP) and/or post officeprotocol (POP)), instant messaging (e.g., extensible messaging andpresence protocol (XMPP), Session Initiation Protocol for InstantMessaging and Presence Leveraging Extensions (SIMPLE), Instant Messagingand Presence Service (IMPS)), and/or Short Message Service (SMS), or anyother suitable communication protocol, including communication protocolsnot yet developed as of the filing date of this document.

It will be understood that, although the terms “first,” “second,” etc.may be used herein to describe various elements, these elements shouldnot be limited by these terms. These terms are only used to distinguishone element from another.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the claims. Asused in the description of the embodiments and the appended claims, thesingular forms “a,” “an” and “the” are intended to include the pluralforms as well, unless the context clearly indicates otherwise. It willalso be understood that the term “and/or” as used herein refers to andencompasses any and all possible combinations of one or more of theassociated listed items. It will be further understood that the terms“comprises” and/or “comprising,” when used in this specification,specify the presence of stated features, integers, steps, operations,elements, and/or components, but do not preclude the presence oraddition of one or more other features, integers, steps, operations,elements, components, and/or groups thereof.

As used herein, the term “if” may be construed to mean “when” or “upon”or “in response to determining” or “in accordance with a determination”or “in response to detecting,” that a stated condition precedent istrue, depending on the context. Similarly, the phrase “if it isdetermined [that a stated condition precedent is true]” or “if [a statedcondition precedent is true]” or “when [a stated condition precedent istrue]” may be construed to mean “upon determining” or “in response todetermining” or “in accordance with a determination” or “upon detecting”or “in response to detecting” that the stated condition precedent istrue, depending on the context.

The foregoing description, for purpose of explanation, has beendescribed with reference to specific embodiments. However, theillustrative discussions above are not intended to be exhaustive or tolimit the claims to the precise forms disclosed. Many modifications andvariations are possible in view of the above teachings. The embodimentswere chosen and described in order to best explain principles ofoperation and practical applications, to thereby enable others skilledin the art.

What is claimed is:
 1. A method for distributing a data bookmark, themethod comprising, at a first device: receiving, by an interface of thefirst device, a scope definition, wherein the scope definition includes:information that defines a scope of access to data stored by one or moredatabases, and identifying information that identifies at least onecolumn, table, or dimension of the one or more databases; generating apointer for the data bookmark; generating the data bookmark using thepointer and the scope definition; storing the generated data bookmark,wherein the generated data bookmark includes: the pointer for the databookmark, and the scope definition that includes the identifyinginformation that identifies the at least one column, table, or dimensionof the one or more databases within the scope of access; andtransmitting the pointer for the data bookmark to a second device thatis distinct from the first device.
 2. The method of claim 1, wherein thescope definition includes information that indicates a portion, lessthan all, of the data stored by the one or more databases.
 3. The methodof claim 2, wherein the scope definition includes one or more filtersthat are available to be applied to the portion, less than all, of thedata stored by the one or more databases.
 4. The method of claim 1,wherein the scope definition includes information that indicates atleast one value determined by performing at least one operation on thedata stored by the one or more databases.
 5. The method of claim 1,wherein the data bookmark includes application state information.
 6. Themethod of claim 1, wherein the data bookmark includes information fordisplaying a snippet that is based on the scope of access to the datathat is defined by the scope definition.
 7. The method of claim 1,including: after transmitting the information about the generated databookmark to the second device, receiving, by the user interface of thefirst device, input that alters the scope definition; storing a reviseddata bookmark that includes the altered scope definition; andtransmitting the pointer for the revised data bookmark to the seconddevice.
 8. The method of claim 1, including: storing a plurality of databookmarks that includes the generated data bookmark; receiving a requestto provide a subset of data bookmarks from the plurality of databookmarks that includes the generated data bookmark; and in response tothe request, transmitting the subset of data bookmarks.
 9. A system fordistributing a data bookmark, the system comprising: one or moreprocessors; memory; and one or more programs, wherein the one or moreprograms are stored in the memory and are configured to be executed bythe one or more processors, the one or more programs includinginstructions for: receiving, by an interface of a first device, a scopedefinition, wherein the scope definition includes: information thatdefines a scope of access to data stored by one or more databases, andidentifying information that identifies at least one column, table, ordimension of the one or more databases; generating a pointer for thedata bookmark; generating the data bookmark using the pointer and thescope definition; storing the generated data bookmark, wherein thegenerated data bookmark includes: the pointer for the data bookmark, andthe scope definition that includes the identifying information thatidentifies the at least one column, table, or dimension of the one ormore databases within the scope of access; and transmitting the pointerfor the data bookmark to a second device that is distinct from the firstdevice.
 10. The system of claim 9, wherein the scope definition includesinformation that indicates a portion, less than all, of the data storedby the one or more databases.
 11. The system of claim 10, wherein thescope definition includes one or more filters that are available to beapplied to the portion, less than all, of the data stored by the one ormore databases.
 12. The system of claim 9, wherein the scope definitionincludes information that indicates at least one value determined byperforming at least one operation on the data stored by the one or moredatabases.
 13. The system of claim 9, wherein the data bookmark includesapplication state information.
 14. The system of claim 9, wherein thedata bookmark includes information for displaying a snippet that isbased on the scope of access to the data that is defined by the scopedefinition.
 15. The system of claim 9, wherein the one or more programsinclude instructions for: after transmitting the information about thegenerated data bookmark to the second device, receiving, by the userinterface of the first device, input that alters the scope definition;storing a revised data bookmark that includes the altered scopedefinition; and transmitting the pointer for the revised data bookmarkto the second device.
 16. The system of claim 9, wherein the one or moreprograms include instructions for: storing a plurality of data bookmarksthat includes the generated data bookmark; receiving a request toprovide a subset of data bookmarks from the plurality of data bookmarksthat includes the generated data bookmark; and in response to therequest, transmitting the subset of data bookmarks.
 17. A non-transitorycomputer readable storage medium storing one or more programs, the oneor more programs comprising instructions, which when executed, cause afirst device to: receive, by an interface of the first device, a scopedefinition, wherein the scope definition includes: information thatdefines a scope of access to data stored by one or more databases, andidentifying information that identifies at least one column, table, ordimension of the one or more databases; generate a pointer for the databookmark; generate the data bookmark using the pointer and the scopedefinition; store the generated data bookmark, wherein the generateddata bookmark includes: the pointer for the data bookmark, and the scopedefinition that includes the identifying information that identifies theat least one column, table, or dimension of the one or more databaseswithin the scope of access; and transmit the pointer for the databookmark to the second device.
 18. The non-transitory computer readablemedium of claim 17, wherein the scope definition includes informationthat indicates a portion, less than all, of the data stored by the oneor more databases.
 19. The non-transitory computer readable medium ofclaim 18, wherein the scope definition includes one or more filters thatare available to be applied to the portion, less than all, of the datastored by the one or more databases.
 20. The non-transitory computerreadable medium of claim 17, wherein the scope definition includesinformation that indicates at least one value determined by performingat least one operation on the data stored by the one or more databases.21. The non-transitory computer readable medium of claim 17, wherein thedata bookmark includes application state information.
 22. Thenon-transitory computer readable medium of claim 17, wherein the databookmark includes information for displaying a snippet that is based onthe scope of access to the data that is defined by the scope definition.23. The non-transitory computer readable medium of claim 17 includinginstructions, which when executed, cause the device to: aftertransmitting the information about the generated data bookmark to thesecond device, receive, by the user interface of the first device, inputthat alters the scope definition; store a revised data bookmark thatincludes the altered scope definition; and transmit the pointer for therevised data bookmark to the second device.
 24. The non-transitorycomputer readable medium of claim 17 including instructions, which whenexecuted, cause the device to: store a plurality of data bookmarks thatincludes the generated data bookmark; receive a request to provide asubset of data bookmarks from the plurality of data bookmarks thatincludes the generated data bookmark; and in response to the request,transmit the subset of data bookmarks.